Accepted libapache2-mod-auth-openidc 2.3.10.2-1+deb10u4 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 05 Mar 2024 17:43:32 +0000
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.3.10.2-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.3.10.2-1+deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)
Checksums-Sha1:
 b8e9a96d1bc7ac090549d1a46003a64b39effca1 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc
 bede99318fd540076dc2e2f2f80714ae1736b0bb 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
 e33d9e9aa68bfc4a6b9a9aff7a7dfb63bb09551f 18780 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz
 139bc5c550b22d2f0dfead7c56d449aba16224b1 7634 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo
Checksums-Sha256:
 ee11805597937d5e8c8a5673b9bc2a96beac086a3a5e6e0ba2a345c2a3f15f96 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc
 d72fd1131554225b9256a5d5f5e93ecce298ac8946c2511973ab07436902c641 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
 9a90a160d04bcf4e283ec3154ec9886cc984d2a5c1c97219ea78e492ffc57a0c 18780 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz
 470738e6bade0c95933bb5070fcd2ed6d1be27978c56c936610a6f99d27f14f4 7634 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo
Files:
 fffa9a02b74acd0852a021bfc7860b2b 2534 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc
 6b81eb34bfc2baecd44bb3a775d27a1d 263825 httpd optional libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
 c27b32f63c3975d12057bf2fd1196461 18780 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz
 585564795b0768a920c1251ce3ca21d9 7634 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----